Re: Kerberos+LDAP and pam_filter
Am Saturday, den 6 October hub Roberto C. Sánchez folgendes in die Tasten:
> Today I just finished switching one of my sites from LDAP-only to
> One thing that I liked about LDAP and pam_ldap was that I could use
> something like "pam_filter |(host=somehost)(host=\*)" on each host,
> along with "host=somehost" or "host=*" in each user's LDAP entry. This
> allowed me to restrict who could log in to each host.
> Now that I have switched to using pam_krb53 and am only using LDAP for
> the location of the home directories and the uid/gid, it doesn't appear
> that the pam_filter line in libnss-ldap.conf is working. I also had the
What exactly have you put into /etc/libnss-ldap.conf?
I'm using some filters at work which work as expected.
> same line in /etc/pam_ldap.conf, but I have removed all the pam_ldap
> entries from /etc/pam.d/*.
> Does anyone know how I might be able to restore that behavior?
Try something like this:
nss_base_passwd ou=People,<My BASEE DN>?one?domain=foo
Follow the white penguin.